Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
simonfili
New Contributor

Created on ‎08-25-2018 06:57 AM

High level architecture questions (pre-sale)

Hi All,

 

I'm simply trying to see which Fortinet product I can use to 

1) Aggregate / load balance 2-3 wan link.  At a minimum 2 fiber from 2 source.  I would like an LTE backup for a 3rd link.  This is for a highly unstable environment

2) Having a firewall for protecting the network, connecting remotes sites with VPN links, all controlled by policies linked to AD groups.

 

Can I use one fortigate product for that or I need 2?

 

Thanks

3655
0 Kudos
1 Solution
ede_pfau
SuperUser
SuperUser

Created on ‎08-26-2018 06:59 AM

"aggregate" or "load balance"?

With 2 ISPs, you cannot use a FGT to aggregate the WAN lines for higher throughput and redundancy. You would have to use a device which combines data streams on Layer 2. This would require a second identical device on the other side to de-interlace.

LB, sure, use SD-WAN (formerly WLLB, formerly...). This combines load balancing with monitoring, esp. remote monitoring, covering not only device failure and link failure but also route failure some hops further up.

Ede Kernel panic: Aiee, killing interrupt handler!

View solution in original post

Ede Kernel panic: Aiee, killing interrupt handler!
1868
0 Kudos
3 REPLIES 3
ede_pfau
SuperUser
SuperUser

Created on ‎08-26-2018 06:59 AM

"aggregate" or "load balance"?

With 2 ISPs, you cannot use a FGT to aggregate the WAN lines for higher throughput and redundancy. You would have to use a device which combines data streams on Layer 2. This would require a second identical device on the other side to de-interlace.

LB, sure, use SD-WAN (formerly WLLB, formerly...). This combines load balancing with monitoring, esp. remote monitoring, covering not only device failure and link failure but also route failure some hops further up.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1869
0 Kudos
simonfili
New Contributor
In response to ede_pfau

Created on ‎08-27-2018 06:09 AM

Thanks Ede for the info.

 

I was looking at this type of product: https://www.mushroomnetworks.com/truffle/

and was wondering if fortigate could do the same.  

 

From your comments, I could do load balance but not aggregate (bonding) which the truffle can do.

 

I have two "slow" fiber link on the project (2-5 Mbps), thus the need to aggregate.

 

For LB, SD-Wan can be used with a Fortigate 200E ?

 

Thanks

1847
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to simonfili

Created on ‎08-27-2018 01:47 PM

Yes, SD-WAN is a feature of FortiOS v5.4 and (better) v5.6, independent of the hardware. It combines zones, routing, dead gateway detecting via pingservers in a neat way.

Bonding OTOH is not in the feature set of a Fortigate, but might be in other Fortinet products (which I do not know enough to name). Maybe check out FortiADC.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1847
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.